postfix + Cyrus SASL - cannot connect to saslauthd server: No such file
Everything is up and running and answers calls, but the login for postfix doesn't seem to work (it works for Courier IMAP, just not postfix).
Here's the error output:
Code:
Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: Anonymous TLS connection established from unknown[<my ip>]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: warning: SASL authentication failure: Password verification failed
Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: warning: unknown[<my ip>]: SASL PLAIN authentication failed: generic failure

Here's `/usr/local/lib/sasl2/smtpd.conf`:
Code:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/courier-auth/socket
log_level: 7

`# ls -l /var/run/courier-auth/`
Code:
total 4
-rw-r--r-- 1 root wheel 5 Jun 30 22:19 pid
-rw------- 1 root wheel 0 Jun 30 22:19 pid.lock
srwxrwxrwx 1 root _postfix 0 Jun 30 22:19 socket

Code:
[...]
authmodulelist="authpwd"
[...]
authdaemonvar=/var/run/courier-auth
[...]

System:
=======
* OpenBSD 5.3
* postfix-2.10.20130201-sasl2
* courier-authlib-0.64.0
* courier-imap-4.11.0

Edit: I've also taken into account that postfix runs in a chrooted environment (tried not chrooting as well just for the sake of it) and thus I created a symlink from /var/run/courier-auth -> /storage/spool/postfix/var/run/courier-auth without success.

note:
Code:
# testsaslauthd -u anton -p PassWord123 -f /var/run/courier-auth/socket -s smtp
size read failed

Code:
# testsaslauthd -u anton -p PassWord123 -s smtp
connect() : No such file or directory
|
|||
Got a little bit closer to the solution.
The startup was missing some parameters apparently (don't know how I came to that conclusion), but I modified the `/etc/rc.d/saslauthd` with the following outcome:
Code:
daemon_flags="-a getpwent -m /var/run/courier-auth/"

Code:
0: OK "Success."

However IMAP has stopped working, and I don't know why..
Code:
Jul 1 10:50:13 HOST imapd-ssl: authentication error: Connection refused
Jul 1 10:50:14 HOST imapd-ssl: authdaemon: s_connect() failed: Connection refused
Jul 1 10:50:14 HOST imapd-ssl: [Hint: perhaps authdaemond is not running?]

Last edited by Torxed; 1st July 2013 at 09:01 AM.
|
|||
Usually pkg_add displays a message with some configuration hints. You could use pkg_info -M <package_name> to see whether there are any of those.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Quote:
Code:
# pkg_info -M courier-imap
Information for inst:courier-imap-4.11.0

Install notice:
You now need to edit appropriately the Courier-IMAP configuration files
installed in /etc/courier/. Pay particular attention to the details in
imapd.cnf, and read ssl(8) if necessary.

You MUST set the CN in imapd.cnf to the hostname by which your IMAP
server is accessed, or else clients will complain.

When this is done, you can use the 'mkimapdcert' script to
automatically generate a server certificate, which is installed
into /etc/ssl/imapd.pem

The last few lines tell me to edit IMAP configuration files in /etc/courier/ which is a no-brainer.. So it leaves me with:
|
|
|||
Ok, so I've managed to get IMAP(courier) and SMTP(postfix) support working with SASL2 but, IMAP reports invalid credentials...
I'm not sure that this parameter is correct `/usr/local/lib/sasl2/smtpd.conf`:
Code:
authdaemond_path: /var/run/courier-auth/

Here's the entire `/usr/local/lib/sasl2/smtpd.conf`:
Code:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/courier-auth/
saslauthd_path: /var/run/courier-auth/mux
autotransition:true
log_level: 3

Code:
authmodulelist="authpwd"
authmodulelistorig="authpwd"
daemons=5
authdaemonvar=/var/run/courier-auth
DEBUG_LOGIN=1
DEFAULTOPTIONS=""
LOGGEROPTS=""

Code:
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=NO
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/local/bin/couriertls
TLS_CERTFILE=/etc/ssl/imapd.pem
TLS_TRUSTCERTS=/etc/ssl/cert.pem
TLS_VERIFYPEER=NONE
MAILDIRPATH=/storage/mail

And this is how I start the whole shebang: (note: saslauthd is normally started via /etc/rc.d but I unfolded that script for viewers' convenience)
Code:
/usr/local/sbin/saslauthd -a getpwent -m /var/run/courier-auth/
/usr/local/sbin/authdaemond start
/usr/local/libexec/imapd.rc start
/usr/local/libexec/imapd-ssl.rc start
/etc/rc.d/postfix start

And this is what the `/var/run/` directory looks like:
Code:
drwxr-x--- 2 _courier _courier 512 Jul 1 14:49 courier
lrwxr-xr-x 1 root wheel 43 Jul 1 14:47 courier-auth -> /storage/spool/postfix/var/run/courier-auth

Code:
srwxrwxrwx 1 root _postfix 0 Jul 1 14:49 mux
-rw------- 1 root _postfix 0 Jul 1 14:49 mux.accept
-rw-r--r-- 1 root _postfix 5 Jul 1 14:49 pid
-rw------- 1 root _postfix 0 Jul 1 14:49 pid.lock
-rw------- 1 root _postfix 6 Jul 1 14:49 saslauthd.pid
srwxrwxrwx 1 root _postfix 0 Jul 1 14:49 socket

Code:
Jul 1 15:04:50 HOST imapd-ssl: LOGIN FAILED, method=PLAIN, ip=[::ffff:<ipv4>]
Jul 1 15:04:55 HOST imapd-ssl: LOGIN FAILED, user=anton, ip=[::ffff:<ipv4>]

postfix SMTP works in the sense that the server accepted the authentication and reports back to the client that the mail is in queue. courier IMAP however does not authenticate as it should (either via SSL or plain IMAP).
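
Added example (not from the thread or from the Postfix or Cyrus SASL projects): a Python check for the failure in the first post, where smtpd cannot find the saslauthd socket. It reads `saslauthd_path` from smtpd.conf text, resolves it below the chroot when one is given, and reports whether a socket exists there and whether the directory is searchable by other users; `check_socket`, `demo` and the sample layout are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile

# Constructed sample, modelled on the smtpd.conf quoted in the post above.
SAMPLE_CONF = """\
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/courier-auth/mux
"""

def saslauthd_path(conf_text):
    """Return the saslauthd_path value from smtpd.conf text, or None."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "saslauthd_path":
            return value.strip()
    return None

def check_socket(conf_text, chroot=None):
    """Check the socket smtpd would open. chroot is the Postfix queue
    directory when smtpd runs chrooted, otherwise None."""
    path = saslauthd_path(conf_text)
    if path is None:
        return {"path": None, "status": "no saslauthd_path set"}
    # A chrooted smtpd resolves absolute paths below its new root.
    seen = os.path.join(chroot, path.lstrip("/")) if chroot else path
    result = {"path": seen}
    try:
        st = os.stat(seen)
    except FileNotFoundError:
        return dict(result, status="missing")  # "No such file or directory"
    if not stat.S_ISSOCK(st.st_mode):
        return dict(result, status="not a socket")
    # The listings above show the sockets as srwxrwxrwx, so the directory
    # mode is what limits which local users can reach them.
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(seen)).st_mode)
    return dict(result, status="ok",
                dir_open_to_others=bool(dir_mode & stat.S_IXOTH))

def demo():
    """Constructed layout: a socket that exists only below a stand-in chroot."""
    with tempfile.TemporaryDirectory() as root:
        run_dir = os.path.join(root, "var/run/courier-auth")
        os.makedirs(run_dir, mode=0o750)
        with socket.socket(socket.AF_UNIX) as srv:
            srv.bind(os.path.join(run_dir, "mux"))
            wrong = SAMPLE_CONF.replace("courier-auth", "absent")
            return check_socket(SAMPLE_CONF, root), check_socket(wrong, root)
```

On a live host, pass the contents of `/usr/local/lib/sasl2/smtpd.conf` and `chroot="/storage/spool/postfix"`; `os.stat` follows symlinks against the host's root, so an absolute symlink placed inside the chroot can pass here and still fail for a chrooted smtpd.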
|
||||
I'm not a Postfix user, but last year in trying to help someone else with TLS/SASL and Postfix I found this link. Don't use 2048-bit DSA.
http://www.mail-archive.com/openssl-.../msg47175.html
|
|||
Quote:
And it's not a SSL/TLS related issue, thx tho.
|
|||
Ok so I solved that issue, apparently in `/etc/courier/imapd` placing "DEFDOMAIN=domain.se" was a bad idea because for some reason that screws everything up.
Dumped that, and now IMAP works as well.. almost.. creating a new thread for that because this is getting full with clutter, and the original problem is solved.